public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Peter Todd <pete@petertodd.org>
To: bitcoin-development@lists.sourceforge.net
Subject: [Bitcoin-development] Replace-by-fee v0.10.2 - Serious DoS attack fixed! - Also novel variants of existing attacks w/ Bitcoin XT and Android Bitcoin Wallet
Date: Sat, 23 May 2015 14:26:21 -0400	[thread overview]
Message-ID: <20150523182621.GA12761@savin.petertodd.org> (raw)
In-Reply-To: <20150504043601.GA14728@savin.petertodd.org>

[-- Attachment #1: Type: text/plain, Size: 1977 bytes --]

My replace-by-fee patch is now available for the Bitcoin Core v0.10.2
release:

    https://github.com/petertodd/bitcoin/tree/replace-by-fee-v0.10.2

This release fixes a serious DoS attack present in previous releases.
Upgrading is strongly recommended for relay nodes, and mandatory for
miners. Users of Luke-Jr's gentoo distribution should either disable RBF
until a patch is released, or run their node behind a patched node.

Previously replacements that spent outputs the transactions they
conflicted with would be accepted. This would lead to orphaned
transactions in the mempool, a potential bandwidth DoS attack for relay
nodes, and even worse, on mining nodes would cause Bitcoin to crash when
CreateNewBlock() was called.

Thanks goes to to Suhas Daftuar for finding this issue.


Additionally, while investigating this issue I found that
Andresen/Harding's relay doublespends patch¹, included in Bitcoin XT²,
also fails to verify that doublespends don't spend outputs of the
transactions they conflict with. As the transactions aren't accepted to
the mempool the issue is simply a variant of the bandwidth DoS attack
that's a well-known issue of Bitcoin XT. However, interestingly in
testing I found that Schildbach's Android Bitcoin Wallet³ fails to
detect this case, and displays the transaction as a valid unconfirmed
transaction, potentially leading to the user being defrauded with a
doublespend.  While a well-known issue in general - Schildbach's
implementation trusts peers to only send it valid transactions and
doesn't even detect doublespends it receives from peers - it's
interesting how in this case the attacker doesn't need to also do a
sybil attack.

1) https://github.com/bitcoin/bitcoin/pull/3883
2) https://github.com/bitcoinxt/bitcoinxt
3) https://play.google.com/store/apps/details?id=de.schildbach.wallet

-- 
'peter'[:-1]@petertodd.org
0000000000000000026ca21b4a83e1a818be96db4b532b7e9be2f60d47efff0a

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]

      parent reply	other threads:[~2015-05-23 18:26 UTC|newest]

Thread overview: 79+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-02-12  6:47 [Bitcoin-development] replace-by-fee v0.10.0rc4 Peter Todd
2015-02-12  7:23 ` Tamas Blummer
2015-02-12  7:45   ` Peter Todd
2015-02-12  8:27     ` Tamas Blummer
2015-02-12  8:49       ` Peter Todd
2015-02-12  9:01         ` Tamas Blummer
2015-02-15 20:51       ` Troy Benjegerdes
2015-02-12  8:16   ` Alex Mizrahi
2015-02-12 11:58 ` Mike Hearn
2015-02-12 12:23   ` Natanael
2015-02-12 12:49     ` Mike Hearn
2015-02-12 13:02       ` Natanael
2015-02-12 13:44         ` Mike Hearn
2015-02-12 14:36           ` Natanael
2015-02-12 14:53             ` Mike Hearn
2015-02-12 15:20               ` Natanael
2015-02-12 15:30                 ` Justus Ranvier
2015-02-12 13:36       ` Oleg Andreev
2015-02-12 12:52   ` Alex Mizrahi
2015-02-12 13:18     ` Mike Hearn
2015-02-12 13:45       ` Alex Mizrahi
2015-02-12 13:52         ` Mike Hearn
2015-02-12 14:04       ` Tamas Blummer
2015-02-12 14:16         ` Mike Hearn
2015-02-12 14:25           ` Tamas Blummer
2015-02-12 23:08             ` Tom Harding
2015-02-12 14:32       ` Alex Mizrahi
2015-02-12 15:15         ` Mike Hearn
2015-02-12 15:32           ` Natanael
2015-02-12 15:42             ` Mike Hearn
2015-02-12 15:54               ` Natanael
2015-02-12 16:57           ` Btc Drak
2015-02-12 17:24             ` Oleg Andreev
2015-02-12 18:11               ` Justus Ranvier
2015-02-12 18:37                 ` Allen Piscitello
2015-02-12 19:15                   ` Alan Reiner
2015-02-12 19:34                     ` Justus Ranvier
2015-02-12 19:45                       ` Peter Todd
2015-02-12 19:49                         ` Justus Ranvier
2015-02-12 19:47                       ` Allen Piscitello
2015-02-12 19:52                         ` Justus Ranvier
2015-02-12 20:02                           ` Natanael
2015-02-12 20:36                           ` Allen Piscitello
2015-02-14 14:47                             ` Ross Nicoll
2015-02-12 20:06                     ` Peter Todd
2015-02-12 19:49       ` Gregory Maxwell
2015-02-12 20:18         ` Peter Todd
2015-02-13 11:34         ` Mike Hearn
2015-02-12 12:54   ` Tamas Blummer
2015-02-12 14:42   ` Alex Mizrahi
2015-02-12 15:27   ` Jeff Garzik
2015-02-15 21:25     ` Troy Benjegerdes
2015-02-15 21:40       ` Adam Gibson
2015-02-19  8:56         ` Troy Benjegerdes
2015-02-21 19:09           ` Jorge Timón
2015-02-21 20:30             ` Mark Friedenbach
2015-02-21 22:47               ` Jeff Garzik
2015-02-22  1:15                 ` Peter Todd
2015-02-22  3:25                 ` Jorge Timón
2015-02-22  4:06                   ` Jeff Garzik
2015-02-22 11:41                     ` Eric Lombrozo
2015-02-22 12:06                       ` Eric Lombrozo
2015-02-22 13:41                         ` Eric Lombrozo
2015-02-22 13:53                           ` Peter Todd
2015-02-22 23:29                             ` Eric Lombrozo
2015-02-24  1:11                               ` Jeff Garzik
2015-03-01 17:59                         ` Troy Benjegerdes
2015-03-01 19:05                           ` Neil Fincham
2015-03-01 17:44                 ` Troy Benjegerdes
2015-02-12 16:15   ` Lawrence Nahum
2015-02-12 18:14 ` Tom Harding
2015-02-12 21:40 ` Josh Lehan
2015-02-22 16:36 ` Tom Harding
2015-02-22 17:12   ` Peter Todd
2015-02-22 19:25     ` Tom Harding
2015-02-22 21:50       ` Peter Todd
2015-05-04  4:36 ` [Bitcoin-development] New release of replace-by-fee for Bitcoin Core v0.10.1 Peter Todd
2015-05-05  2:23   ` Kevin Greene
2015-05-23 18:26   ` Peter Todd [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150523182621.GA12761@savin.petertodd.org \
    --to=pete@petertodd.org \
    --cc=bitcoin-development@lists.sourceforge.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox